diff options
| author | Yawning Angel <yawning@schwanenlied.me> | 2016-09-30 18:43:31 +0000 |
|---|---|---|
| committer | Yawning Angel <yawning@schwanenlied.me> | 2016-09-30 18:43:31 +0000 |
| commit | 847e001d288b7d02d589d8df699e84d4d6d363b6 (patch) | |
| tree | 080ce98406d5569ae1aa68ccedcbec97fb4f1bdd /doc | |
| parent | 53255e925c474f9d5cb30c1de4da025e6d709e9a (diff) | |
| download | tor-847e001d288b7d02d589d8df699e84d4d6d363b6.tar.gz tor-847e001d288b7d02d589d8df699e84d4d6d363b6.zip | |
Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tor.1.txt | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 2e73b2784c..330f0c1e32 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1046,8 +1046,9 @@ The following options are useful only for clients (that is, if another. Recognized isolation flags are: **IsolateClientAddr**;; Don't share circuits with streams from a different - client address. (On by default and strongly recommended; - you can disable it with **NoIsolateClientAddr**.) + client address. (On by default and strongly recommended when + supported; you can disable it with **NoIsolateClientAddr**. + Unsupported and force-disabled when using Unix domain sockets.) **IsolateSOCKSAuth**;; Don't share circuits with streams for which different SOCKS authentication was provided. (On by default; |